
[Intermittent] DNAT Full forwarding issues - Random rule stops working

Good morning,

We're having an intermittent issue on our Firewall currently that is causing [one of] our full DNAT rules to intermittently stop working - with no pattern.


Rule setup:

Full DNAT (Business Application Rule)

Source: WAN, LAN (to allow loopback on Public IP)

Allowed: Any

Destination: #PortC Alias OR IP object [both have been tried]

Services: Selected mostly pre-made services: HTTP, HTTPS, ICMP, PING, HTTP_UDP (Custom), HTTPS_UDP (Custom)

Forward to: Protected Server [LAN IP Object]

Protected Zone: LAN

Advanced: Everything unticked/None/No restrictions

Log Traffic: Ticked


Symptoms:

We have 4 of these rules set up, and every few days [about 4 days currently] one [random] of them will stop working.

Outside hosts will be unable to contact the server via any of the open ports.

Inside hosts that use the WAN IP are still able to access the device.

tcpdump shows LOTS of traffic still going in and out of the server.

drop-packet-capture shows nothing being dropped.

OTHER DNAT rules continue to work. Only one rule seems to be affected at a time.


Attempted fixes, that don't work:

Bypass stateful firewall

Re-order Firewall rules to reset the Firewall rule table

Disable secondary internet connection

Disable and re-enable the rule


Fixes that work instantly:

Change Destination Host/Network from the #PortC to the Public IP object (or vice versa).

Reboot


Slight complication:

We have a two-tiered firewall system - inside and outside. The inside firewall is a virtual XG, the outside XG is a 220. Only making changes on the inside firewall fixes the issue.
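The symptom pattern above (inside hosts can still reach the server via the WAN IP, outside hosts cannot, nothing in drop-packet-capture) is easy to miss until someone complains. Below is an added example of a small two-vantage monitor that turns that pattern into an alert; it is not from the original post and not Sophos code. It assumes one probe runs from an outside host and one from a LAN host (both against the public IP), and the rule names, public IP and ports are constructed placeholders.

```python
"""Two-vantage reachability triage for full-DNAT published services.

Constructed example (not from the forum post, not Sophos code). Each published
rule is probed via its PUBLIC IP from two vantage points:
  - outside: a host on the internet side of the firewall
  - inside:  a LAN host using the WAN IP (the hairpin/loopback path)
The classification reproduces the triage matrix described in the post:
inside works + outside fails  -> the DNAT-from-WAN path is what broke.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple

Probe = Callable[[str, int], bool]  # (host, port) -> reachable?


@dataclass(frozen=True)
class PublishedService:
    name: str              # hypothetical DNAT rule name
    public_ip: str         # public IP the rule translates
    tcp_ports: Tuple[int, ...]


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: a TCP connect to host:port with a short timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_service(svc: PublishedService, probe: Probe = tcp_probe) -> Dict[int, bool]:
    """Run one vantage point's probes for every published port of a rule."""
    return {port: probe(svc.public_ip, port) for port in svc.tcp_ports}


def classify(outside: Dict[int, bool], inside: Dict[int, bool]) -> str:
    """Compare the two vantage results for one rule.

    healthy          all ports reachable from both sides
    dnat_wan_broken  inside OK, outside fails: the symptom from the post
    service_down     nothing reachable from either side (server/service issue)
    hairpin_broken   outside OK but the LAN loopback path fails
    """
    ports = set(outside) | set(inside)
    out_ok = all(outside.get(p, False) for p in ports)
    in_ok = all(inside.get(p, False) for p in ports)
    if out_ok and in_ok:
        return "healthy"
    if in_ok and not out_ok:
        return "dnat_wan_broken"
    if not in_ok and not out_ok:
        return "service_down"
    return "hairpin_broken"


def triage(services: Iterable[PublishedService],
           outside_probe: Probe, inside_probe: Probe) -> Dict[str, str]:
    """Classify every rule; returns {rule name: state}."""
    report = {}
    for svc in services:
        outside = probe_service(svc, outside_probe)
        inside = probe_service(svc, inside_probe)
        report[svc.name] = classify(outside, inside)
    return report


if __name__ == "__main__":
    # Constructed demo with fake probes so it runs offline: rule-b shows the
    # post's failure pattern, the others are fine.
    rules = [
        PublishedService("rule-a", "198.51.100.10", (80, 443)),
        PublishedService("rule-b", "198.51.100.11", (80, 443)),
    ]
    fake_outside = lambda ip, port: ip != "198.51.100.11"
    fake_inside = lambda ip, port: True
    for name, state in triage(rules, fake_outside, fake_inside).items():
        print(f"{name}: {state}")
```

In practice each vantage runs `probe_service` with the real `tcp_probe` and ships its dict to wherever `classify` runs (a cron job on the outside host plus one on a LAN host is enough); alerting on `dnat_wan_broken` gives you the "change the destination object or reboot" trigger before users notice.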


